Hackers linked to Russian military spoofed domains belonging to two US conservative groups.
A new round of Russian hacking attempts on sites belonging to American organizations has been uncovered ahead of the 2018 midterm elections.
Microsoft said Monday it recently discovered and disabled several fake websites designed to trick visitors and allow a hacking group connected to the Russian government to hack into their computers. Two of the fake sites were designed to mimic two American conservative organizations — Hudson Institute and the International Republican Institute — while three other domains were intended to resemble official US Senate sites.
Microsoft said a hacking group linked to the Russian military and known as Strontium was behind the spoofing campaign. The group, more widely known as “Fancy Bear” and APT 28, has also been linked to a series of hacks in recent years, including one in whichfrom the Democratic National Committee’s computer network in 2016.
Microsoft reportedly found no evidence the fake domains were used in a successful hack. However, spoof sites often host malware designed to automatically infect visiting computers, stealing emails, documents and other sensitive information. After discovering the sites, Microsoft said it obtained a court order to move the domains to its own server to neutralize the threat — an approach the company has used 12 times in two years to shut down 84 fake websites linked to the group.
“Attackers want their attacks to look as realistic as possible and they therefore create websites and URLs that look like sites their targeted victims would expect to receive email from or visit,” President and Chief Legal Officer Brad Smith wrote in a company blog post. “The sites involved in last week’s order fit this description.”
The discovery underscores the challenges faced as the US tries to avoid a repeat of the 2016 election, in which Russian actors used social media to sow seeds of discord among Americans. Disinformation has long been a part of Russia’s foreign policy strategy, and social media has allowed the trolling effort to expand on a viral scale. US intelligence has.
Microsoft’s revelation comes roughly a month after US special counsel Robert Muellerconnected to the during the 2016 election campaign. In February, the Justice Department , a group linked to Russian intelligence services, for a propaganda campaign spread across social media during the 2016 election.
Microsoft’s moves are part of a concerted effort by some of the tech industry’s most influential companies to head off foreign interference before it penetrates their platforms. Representatives from Amazon, Apple, Google, Facebook, Microsoft, Oath, Snap and Twitter, met in April with representatives of the US intelligence community to discuss preparations for the midterm elections.
The US Justice Department has also instituted a new policy to inform Americans of foreign operations attempting to undermine confidence in US democracy. The government’s plan is to notify US companies, private organizations and individuals when a hacking threat by foreign actors is detected.
Microsoft representatives didn’t immediately respond to a request for comment.